Mobile IPv4 Challenge/Response Extensions
RFC 3012

Document Type RFC - Proposed Standard (November 2000; No errata)
Obsoleted by RFC 4721
Last updated 2013-03-02
Stream IETF
Network Working Group                                         C. Perkins
Request for Comments: 3012                         Nokia Research Center
Category: Standards Track                                     P. Calhoun
                                           Sun Microsystems Laboratories
                                                           November 2000

               Mobile IPv4 Challenge/Response Extensions

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.
   Unfortunately, this extension does not provide ironclad replay
   protection for the foreign agent, and does not allow for the use of
   existing techniques (such as CHAP) for authenticating portable
   computer devices.  In this specification, we define extensions for
   the Mobile IP Agent Advertisements and the Registration Request that
   allow a foreign agent to use a challenge/response mechanism to
   authenticate the mobile node.

Perkins & Calhoun           Standards Track                     [Page 1]
RFC 3012             Mobile IPv4 Challenge/Response        November 2000

Table of Contents

    1. Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
    2. Mobile IP Agent Advertisement Challenge Extension  . . . . .  3
    3. Operation  . . . . . . . . . . . . . . . . . . . . . . . . .  3
        3.1. Mobile Node Processing for Registration Requests . . .  3
        3.2. Foreign Agent Processing for Registration Requests . .  5
        3.3. Foreign Agent Processing for Registration Replies  . .  7
        3.4. Home Agent Processing for the Challenge Extensions . .  7
    4. MN-FA Challenge Extension  . . . . . . . . . . . . . . . . .  7
    5. Generalized Mobile IP Authentication Extension . . . . . . .  8
    6. MN-AAA Authentication subtype. . . . . . . . . . . . . . . .  9
    7. Reserved SPIs for Mobile IP. . . . . . . . . . . . . . . . .  9
    8. SPI For RADIUS AAA Servers . . . . . . . . . . . . . . . . . 10
    9. Configurable Parameters. . . . . . . . . . . . . . . . . . . 10
   10. Error Values   . . . . . . . . . . . . . . . . . . . . . . 10
   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . 11
   12. Security Considerations  . . . . . . . . . . . . . . . . . . 12
   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
   References . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
    A. Verification Infrastructure  . . . . . . . . . . . . . . . . 14
   Addresses  . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 17

1. Introduction

   Mobile IP, as originally specified, defines an authentication
   extension (the Mobile-Foreign Authentication extension) by which a
   mobile node can authenticate itself to a foreign agent.

   Unfortunately, this extension does not provide ironclad replay
   protection, from the point of view of the foreign agent, and does not
   allow for the use of existing techniques (such as CHAP [12]) for
   authenticating portable computer devices.  In this specification, we
   define extensions for the Mobile IP Agent Advertisements and the
   Registration Request that allow a foreign agent to use a
   challenge/response mechanism to authenticate the mobile node.

   All SPI values defined in this document refer to values for the
   Security Parameter Index, as defined in RFC 2002 [8].  The key words
   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [1].

2. Mobile IP Agent Advertisement Challenge Extension

   This section defines a new extension to the Router Discovery Protocol
   [3] for use by foreign agents that need to issue a challenge for
   authenticating mobile nodes.

       0                   1                   2                   3